Prevent the user from calling action method directly
Question
I have 3 View like this:
public ActionResult Index()
{
return View();
}
public ActionResult Step2()
{
return View();
}
public ActionResult Step3()
{
return View();
}
And 3 HttpPost Actions
//Step 1
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult Index(string number){}
//Step 2
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult Step2(string number){}
//Step 3
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult Step3(string number){}
For each HttpPost Action Method I have created a HTML Form and I want that the user submits each form step by step ( step 1 -> step 2 -> step 3 )
Everything is OK but I do not want users can go to redirect domain/controller/step2 or domain/controller/step3 . I mean, user must follow my router step 1 -> step 2 -> step3
1 answers
solution1
2 ACCPTED 2019-12-01 05:42:08
There are ways to solve your issue. One way to achieve this is by using TempData before your redirect command and check the TempData value in your HttpGet Action Method . For example for your Step 2 check you can do this:
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult Index(string number)
{
//your business code
TempData["FirstStepDone"] = true;
// return RedirectTo()
}
public ActionResult Step2()
{
if (TempData["FirstStepDone"] == null)
//return error
return View();
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.